Plaid whole business model is that it uses OAuth2 on banks that support it and export the data through APIs; and for the banks that don't, they ask for name/password and scrape it through "fake" web browser that mimick user behavior on the backend.

(I worked for a Plaid competitor. The long-term goal for all similar companies is of course to use OAuth and APIs, because it breaks less often; but since the banks don't offer that, scraping it is!)

MX?